Two Factor WordPress Authentication with Google Authenticator

By WP Saviour •  Updated: 09/22/20 •  7 min read

As an internet entrepreneur, your website is like your home on the Internet. And naturally you want to keep that home safe, don’t you? If you’re using WordPress to run your website, kudos! You’ve got a great home in an awesome neighbourhood. (Your home being WordPress and the neighbourhood being the WordPress community!)

Today we’re going to talk about how to improve WordPress security using two-factor authentication, ‘2FA’ for short. In my last article, we talked about how to set up two-factor authentication using Duo Security, a renowned security company with clients like Sony and Etsy. In this article we’re going to learn how to set up two-factor authentication using the Google Authenticator WordPress plugin. This plugin was developed by Henrik Schack; further details about it can be found on his blog.

For this process to work, you’ll need a smartphone: either an Android phone, an iPhone or a BlackBerry. Other operating systems like Symbian and Samsung’s Java-based mobile operating systems are not supported. This is because our authentication software will be the Google Authenticator app on our phone. If you’ve used Gmail’s or Dropbox’s 2FA feature before, then you’ve already had to install the Google Authenticator app. For those who haven’t used the app, don’t worry. It’s a fairly easy process!

Installing Google Authenticator

We begin by installing the plugin in WordPress. To do that, go to WordPress Dashboard > Plugins > Add New.


Search for “google authenticator” and install the first result that is displayed (the plugin created by Henrik Schack).


As soon as the plugin is downloaded and unpacked, Activate it.


Configuring Google Authenticator in WordPress

The Google Authenticator for WordPress plugin does not have a dedicated menu entry in the WordPress dashboard menu, nor does it have a sub-menu item under Settings. You have to activate this plugin on a per-user basis, just like in our last 2FA tutorial. You can access the individual user settings by going to WP Dashboard > Users > Your Profile. Scroll down a bit and you’ll find the settings under the heading Google Authenticator Settings.

Google Authenticator Settings Explained


Description: First up, you need to add a Description for your blog. This description will help you recognise the site in the Google Authenticator app. Since you may have several other apps linked to Google Authenticator, it’s always best to use a proper identifier (description). The blog’s name will suffice. Let’s use ThinkingTeapot as the identifier in our tutorial.

Relaxed Mode: Relaxed Mode extends the password entry time from one minute to four. This means you’ll have 4 minutes to enter the 6-digit authentication code on the login page. You can enable this setting or leave it disabled; the choice is yours!

Secret: This secret is needed if you want to manually add the WordPress account to the Google Authenticator app, i.e. without using the QR code. To enter the secret key in the Google Authenticator app, run the Google Authenticator application on your smartphone, and select Menu Key > Add Account > Enter Key Provided.

You can also add your WordPress account to the Google Authenticator app by scanning the QR code. This is the recommended/easiest method since it does not involve any typing. Click on the Show/Hide QR code button.


Open Google Authenticator on your smartphone, and look for an option called Set up Account in the menu. Select it and it will take you to the Add an Account settings page.


Click on Scan a barcode and hold your camera steady to capture the QR code. It usually takes a second or two for Google Authenticator to recognise the barcode.


It will then automatically recognise your WordPress blog and add it to the list of linked services/websites in Google Authenticator. Now our site is properly linked to Google Authenticator. The final step is to activate Google Authenticator in WordPress itself. Tick the Active button right under the Google Authenticator Settings.

App Passwords: App Passwords allow you to log in to your WordPress blog using the XML-RPC interface. It’s meant for third-party blogging apps like Windows Live Writer or Microsoft Word 2013. It allows the apps to bypass the Google Authenticator security check. However, it is not recommended to enable App Passwords since they present a critical security flaw for hackers to exploit.


Save the Settings: Finally, to save all these settings, click on Update Profile, found right at the bottom of the User Profile page. If you fail to do this, all your settings will be lost!

Working the Magic

Now that everything is installed, let’s test this baby out!


We log out of our WordPress account and go to the login screen once more. Only this time, we’re greeted by a simple but immensely powerful two-factor authentication. We copy the code shown in the Google Authenticator app on our phone and paste it into the respective field. Enter this one-time password and open sesame!
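How the server side of this login check works, and what the Secret and Relaxed Mode settings described above change, shown as an added example that is not the plugin's own code. It implements standard RFC 6238 TOTP; the sample secret is constructed from the RFC test key, and the mapping of the two modes to ±1 and ±4 time steps is an assumption chosen to approximate the one- and four-minute windows mentioned above.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """Return the RFC 6238 HMAC-SHA1 code for a base32 secret at a given time."""
    # Secrets are often displayed grouped or in lowercase; normalise before decoding.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, server_time: int, drift_steps: int) -> bool:
    """Accept a code valid in any step within +/- drift_steps of server time."""
    for delta in range(-drift_steps, drift_steps + 1):
        t = server_time + delta * STEP
        if t < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, t).encode(), code.encode()):
            return True
    return False


# Assumed mapping (not the plugin's own values): +/-1 step for the normal
# window, +/-4 steps for a Relaxed-Mode-like window.
STRICT_DRIFT, RELAXED_DRIFT = 1, 4

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)  # code the phone showed at t=59
    # Typed in two minutes later: rejected by the strict window, accepted by the relaxed one.
    print(code, verify(SAMPLE_SECRET, code, 179, STRICT_DRIFT),
          verify(SAMPLE_SECRET, code, 179, RELAXED_DRIFT))
```

The wider window tolerates slow typing and phone clock drift, but it also keeps every displayed code valid for longer, which is the trade-off behind leaving Relaxed Mode disabled unless it is needed.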

Which Two-Factor Authentication Plugin Should I Choose?

The choice between Duo Security and Google Authenticator boils down to this: the site that we’re trying to protect. If you’re focused on security, then two-factor authentication is an excellent step. Google Authenticator for WordPress gets the job done.

But if you want to step up the game, then Duo Security is your best bet. Especially those who’ve had their site hacked before or those who find a lot of unauthorized login attempts on their site should use this protocol.


The Google Authenticator WordPress plugin is a simple and elegant answer to entry-level two-factor authentication protocols. Duo Security offers a lot more options like OTP (one-time password) generation via phone calls and SMS. Of course, the service is chargeable after a certain level, but it comes with a lot of compatibility. For example, with phone and SMS OTP generation, any phone with a carrier signal can be used.

Additionally, Duo Security uses a real-time PUSH protocol, which only works when your phone is connected to the Internet. When you try to log in, an automatic Push notification is sent to your mobile. Once you press the Approve button, you’re automatically logged in to your WordPress site.

I personally would recommend using Duo Security because it has many more authentication mediums for obtaining the one-time password, along with a plethora of other options. If you’re running a site where there’s e-commerce involved, then using two-factor authentication would definitely help improve security.


WP Saviour

I am a WordPress specialist. My mission is to help you create beautiful websites with ease!